Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New libxml packages fix several issues Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1861-1                                           Nico Golde
August 13th, 2009             
- --------------------------------------------------------------------------

Package        : libxml
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE IDs        : CVE-2009-2416 CVE-2009-2414

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
vulnerabilities in libxml, a library for parsing and handling XML data
files, which can lead to denial of service conditions or possibly arbitrary
code execution in the application using the library.  The Common
Vulnerabilities and Exposures project identifies the following problems:

An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of a pointers to memory areas
which have already been freed (CVE-2009-2416).

Missing checks for the depth of ELEMENT DTD definitions when parsing
child content can lead to extensive stack-growth due to a function
recursion which can be triggered via a crafted XML document (CVE-2009-2414).

For the oldstable distribution (etch), this problem has been fixed in
version 1.8.17-14+etch1.

The stable (lenny), testing (squeeze) and unstable (sid) distribution
do not contain libxml anymore but libxml2 for which DSA-1859-1 has been

We recommend that you upgrade your libxml packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   366268 512cbc5adce12b54741cadd80e62eb7d
    Size/MD5 checksum:  1016403 b8f01e43e1e03dec37dfd6b4507a9568
    Size/MD5 checksum:      716 26bf8a9d037f583d4a9dc1dab5aa4792

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   429312 749dda70c33689b70d13469f6c3357ac
    Size/MD5 checksum:   233288 02b88e80b91681e956cb4ab19acfeca6

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   223558 ceb0d44c5a6a50373af43359e83667e7
    Size/MD5 checksum:   383872 fc52303783696d53c20999a82e962bd7

arm architecture (ARM)
    Size/MD5 checksum:   356830 43860080fa42274a3d7ad649a6dea3fd
    Size/MD5 checksum:   197970 63134af5530d4ab6f1a41046136ea62d

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   429646 938ea12262d6fe02426a8d59f5242794
    Size/MD5 checksum:   240036 52f8f7e7c277f0b37fdba7e4b1609f19

i386 architecture (Intel ia32)
    Size/MD5 checksum:   212762 b25bde43ee075fa743b1f037a43919b8
    Size/MD5 checksum:   364460 0d3f3229b87c1b2d2ff614679d805600

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   498736 7fa5b542dcd264d899ea0b49cdf4ffdc
    Size/MD5 checksum:   315918 7e2351fbb88e55dcabcd4bbca3bb26c0

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   411816 f32a3c2d678a256691a7a6b300467eeb
    Size/MD5 checksum:   209842 603a443d76deb3bafea7e288f102d2bb

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   408602 36e9600b0be7e846b4788cd475413858
    Size/MD5 checksum:   210312 e78866fce8cdc8fd0854203a73f50a6e

powerpc architecture (PowerPC)
    Size/MD5 checksum:   213862 5a6fde00e79c0ab8a873f0f0d2bfc028
    Size/MD5 checksum:   388622 c93294decb6b25bb4c3fe43dc0fa25e2

s390 architecture (IBM S/390)
    Size/MD5 checksum:   387402 43844dfcb0401e9fd1ac3d4c80281f83
    Size/MD5 checksum:   226562 c9da4865e04f157ceacde8f59b040f28

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.